Sony patch uncloaks CDs' hidden DRM code

After taking a drubbing from computer enthusiasts, Sony BMG Music Entertainment has released a software patch that removes controversial cloaking technology found in copy protection software the company has been shipping with some of its CDs.

Climb-down after 'spyware' criticism

Email this to a friend

Characters remaining:

What is A + B?

After taking a drubbing from computer enthusiasts, Sony BMG Music Entertainment has released a software patch that removes controversial cloaking technology found in copy protection software the company has been shipping with some of its CDs.

Critics had slammed the software for being invasive and extremely difficult to remove because it uses some of the same 'rootkit' cloaking techniques normally found in spyware or viruses. Rootkit software uses a variety of techniques to gain access to a system and then cover up any traces of its existence so it can't be detected by system tools or antivirus software.

The patch, which was posted to Sony's website on Wednesday, was posted "to alleviate any concerns that users may have about the program posing potential security vulnerabilities", Sony said in a statement on the site. By installing the patch, users will not remove the copy protection software, called XPC, but they will make it visible to system tools and antivirus software.

XCP has been shipping on some Sony music CDs since early 2005. Licensed by Sony from a Banbury company called First 4 Internet, XCP prevents users from making more than three backup copies of any XCP-protected CD. Sony will not say how many of its CDs use the software.

Critics had complained that because the software is virtually impossible to detect, hackers might somehow take advantage of it in order to hide their own malicious code from antivirus software. They also criticised Sony for not adequately informing users of how it worked and for making it extremely difficult to remove XCP.

First 4 has described such concerns as "unnecessary".

Mathew Gilliat-Smith, CEO of First 4, said that in addition to writing the patch posted to Sony's website, First 4 has given software to antivirus vendors so that their products can now detect the XCP software.

First 4 is also in the process of developing a new version of XCP that will not use the controversial cloaking techniques, he added. "We feel it's sensible to allay any unnecessary fears," Gilliat-Smith said in an interview on Thursday.

He added that the cloaking techniques were used in order to keep one step ahead of illegal copiers. "This is content-protection software. One of the additional measures is to dissuade someone who is aggressively trying to circumvent the protections."

In this case, however, First 4 and Sony went too far, according to Mark Russinovich, the computer expert who first revealed how XCP works. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, but the software is poorly written," he wrote in a blog posting. "Worse, most users that stumble across the cloaked files will cripple their computer if they attempt the obvious step of deleting the cloaked files."